6684 matches found
Adobe Reader 'spell.customDictionaryOpen()' Javascript函数远程代码执行漏洞
BUGTRAQ ID: 34740 CNCAN ID:CNCAN-2009043002 Adobe Reader是一款PDF文件解析程序。 Adobe Reader处理'spell.customDictionaryOpen' Javascript函数存在问题,远程攻击者可以利用漏洞以运行用户权限执行任意代码。 构建超长参数提交给'spell.customDictionaryOpen'函数处理,可触发缓冲区溢出,导致以运行Adobe Reader应用程序的安全上下文执行任意代码。 Adobe Acrobat Reader 8.1.4 Adobe Acrobat Reader 9.1...
CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that triggers a call to this method with a long string in th...
CVE-2009-1492
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...
CVE-2009-1492
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...
CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that triggers a call to this method with a long string in th...
Memory corruption
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that triggers a call to this method with a long string in th...
Authentication flaw
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code...
CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a PDF file that triggers a call to this method with a long string in th...
CVE-2009-1492
CVE-2009-1492 concerns Adobe Reader/Acrobat JavaScript API. The vulnerability affects the getAnnots Doc method in the JavaScript API of Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier. A PDF containing an annotation with an OpenAction entry invoking this method using crafted integer argum...
Adobe Reader 'getAnnots()' Javascript函数远程代码执行漏洞
BUGTRAQ ID: 34736 Adobe Reader是一款PDF文件解析程序。 Adobe Reader处理Javascript存在问题,远程攻击者可以利用漏洞以运行用户权限执行任意代码。 构建包含超长名的注解,在使用'getAnnots' Javascript函数解析时可触发缓冲区溢出,导致以运行Adobe Reader应用程序的安全上下文执行任意代码。 Adobe Acrobat Reader 8.1.4 Adobe Acrobat Reader 9.1 目前没有解决方案提供: http://www.adobe.com/ // //Exploit made by Arr1va...
Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit
No description provided by source. // //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to the OpenAction of th...
PT-2009-3991 · Adobe · Reader
Name of the Vulnerable Software and Affected Versions: Adobe Reader versions 9.1, 8.1.4, 7.1.1, and earlier Description: The issue allows remote attackers to cause a denial of service or execute arbitrary code via a PDF file that triggers a call to the customDictionaryOpen spell method with a lon...
Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit
Exploit for linux platform in category remote exploits ================================================================ Adobe Reader 8.1.4/9.1 GetAnnots Remote Code Execution Exploit ================================================================ // //Exploit made by Arr1val //Proved in adobe 9....
Adobe Reader 8.1.49.1 - GetAnnots() Remote Code Execution
Adobe Reader 8.1.49.1 - GetAnnots Remote Code Execution // //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to...
Adobe Reader 8.1.4/9.1 - 'GetAnnots()' Remote Code Execution
// //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to the OpenAction of the pdf. // var memory; function...
Adobe PDF zero-day update: Turn off JavaScript
Adobe’s security response team is scrambling to investigate new public reports of a new zero-day vulnerability affecting uses of its widely deployed PDF Reader software. In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating a code execution flaw, which affects Adobe Reade...
Adobe Reader getAnnots Exploit
// //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // //Steps: //- create a pdf with an annotation a note i used an annotation with a very long AAAAA name, but that might be omitted //- attach the following script to the OpenAction of the pdf. // var memory; function...
Adobe Reader Spell Exploit
// //Exploit made by Arr1val //Proved in adobe 9.1 and adobe 8.1.4 on linux // var memory; function NewScript var nop = unescape"%u9090%u9090"; var shellcode = unescape...
Adobe Reader 'getAnnots()' JavaScript Function Remote Code Execution Vulnerability
Description Adobe Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader 8.1.4 and 9.1 for Linux are...
Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability
Description Adobe Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader 8.1.4 for Linux is vulnerable; oth...